Google has a number of redirection holes just like the one
mentioned in that article, presumably to track user behavior for more
targeted ads. In a cursory check I found four of them (these all simply
redirect to CNN):
http://froogle.google.com/froogle_url?q=http://www.cnn.com
http://www.google.com/url?sa=l&q=http://www.cnn.com/&ai=BsbPer84UQ7D7B73WsAGz6_3bAougzgu3ld23AeualQaA8lcQARgBIPJOKAhIkjlQjrnN4Pj_____AcgBAQ&num=1
http://catalogs.google.com/url?sa=H&title=PC+Connection&subtitle=&q=http://www.cnn.com
http://images.google.com/imgres?imgurl=.&imgrefurl=http://www.cnn.com
Although in my mind the only thing that makes this worse than
any other redirection attack is that it's Google, and people trust
Google for some reason.
On Wed, 11 Jan 2006, Watchfire Research wrote:
> Hello,
>
> As already stated by Stelian Ene in a posting to bugtraq/webappsec
> (@securityfocus.com), the PayPal phishing scam presented below exploits a
> well-known redirection phishing trick via Google's redirection script.
>
> It is important to mention that unlike what is stated in
> http://castlecops.com/article-6460-nested-0-0.html, the attack is not
> based on the Cross-Site Scripting vulnerability which was recently
> detected and published by Watchfire in Google's website
> (http://www.securiteam.com/securitynews/6Z00L0AEUE.html).
>
> Best regards,
> Yair Amit
> Security team
> Watchfire (Israel) Ltd.
>
> -----Original Message-----
> From: Ofer Shezaf [mailto:Ofer.Shezaf_at_breach.com]
> Sent: Wednesday, January 11, 2006 2:18 PM
> To: websecurity_at_webappsec.org
> Cc: zx_at_castlecops.com
> Subject: [WEB SECURITY] Web Hacking Incident: PayPal Phishing Site
> Exploits Google XSS Vulnerability
>
>
> Since Paul missed our list, I'm forwarding his very interesting e-mail
> regarding a Google XSS vulnerability exploited for phishing.
>
> ~ Ofer
>
> -----Original Message-----
> From: Paul Laudanski [mailto:zx_at_castlecops.com]
> Sent: Wednesday, January 11, 2006 7:52 AM
> To: bugtraq_at_securityfocus.com; vuln_at_secunia.com;
> webappsec_at_securityfocus.com
> Cc: reportphishing_at_antiphishing.org
> Subject: PayPal Phishing Site Exploits Google XSS Vulnerability
>
> There is a new PayPal phishing site that is crafty and cunning in
> attempting to hide its true address from the surfer. Unsuspecting users
> might fall for this devious trickery. It is through a Google XSS attack that
> the phishing site uses to begin its lure and deception of the surfer. Read
> full details and watch the entire captured video of this scam here:
>
> http://castlecops.com/a6460-PayPal_Phishing_Site_Exploits_Google_XSS_Vulnerability.html
>
> ( short: http://castlecops.com/article-6460-nested-0-0.html )
>
> --
> Paul Laudanski, Microsoft MVP Windows-Security
> [de] http://de.castlecops.com
> [en] http://castlecops.com
> [wiki] http://wiki.castlecops.com
> [family] http://cuddlesnkisses.com
>
> ---------------------------------------------------------------------
> The Web Security Mailing List
> http://www.webappsec.org/lists/websecurity/
>
> The Web Security Mailing List Archives
> http://www.webappsec.org/lists/websecurity/archive/
>
-R http://ha.ckers.org/xss.html
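Added example, not from this thread or from Google: a redirect handler modelled on the q= and imgrefurl= parameters quoted above, first with the open behaviour the message describes and then with a host allow-list check (the allowed host names are assumed for illustration).

```python
# Added example (not from the original thread): how a redirect endpoint such as
# /url?q=... can be restricted to allow-listed targets instead of following any URL.
from urllib.parse import urlparse, parse_qs

# Constructed allow-list for the example; a real deployment would hold its own hosts.
ALLOWED_HOSTS = {"www.google.com", "images.google.com"}


def extract_target(url):
    """Return the redirect target named by the parameters used in the quoted URLs."""
    qs = parse_qs(urlparse(url).query)
    for key in ("q", "imgrefurl"):
        if key in qs:
            return qs[key][0]
    return None


def redirect_open(url):
    """The weak behaviour: send the visitor wherever the parameter says."""
    return extract_target(url)


def redirect_checked(url, allowed_hosts=ALLOWED_HOSTS):
    """Hardened behaviour: follow the target only if its scheme and host are allowed.

    Returns None otherwise, so the caller can show an interstitial or a 400
    rather than bouncing the visitor to an arbitrary site.
    """
    target = extract_target(url)
    if target is None:
        return None
    parsed = urlparse(target)
    # Reject protocol-relative (//host), scheme-less and non-http(s) targets;
    # .hostname strips any user:pass@ prefix and port and lower-cases the name.
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return None
    if parsed.hostname not in allowed_hosts:
        return None
    return target
```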
-------------------------------------------------------------------------
This List Sponsored by: Watchfire
Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. See for yourself.
Download AppScan 6.0 today.
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
--------------------------------------------------------------------------
Received on Jan 11 2006